SSL VPN's IPsec, pp......

Goosemaster

I have heard wonders about how SSL VPNs are great for web-based apps and such that do not require an internal IP for resource-validation.

Obviously IPsec and PPTP are more useful if you need to have direct access to LAN resources from the WAN.

I have tried to set up internal LAN VPNs to traverse my wireless network securely, but am getting nowhere.


SSL VPN seems like it would be nice in terms of accessing certain web apps I have remotely, but I am still nowhere in terms of getting VPN to work over my LAN...specifically my wireless network.


Hints, links, etc. welcome
 

n0cmonkey

Originally posted by: JackMDS
Securing the Wireless connection via VPN slows it down so much that it becomes almost non-functional.

It is based on setting WinXP Pro as a software VPN Server.

Link to: Configure Windows XP Professional to be a VPN server.

:sun:

How do you figure (I really don't know, and should have been asleep hours ago so if I sound a-holish it's an accident :p)?

There are cheap home systems out there able to crunch AES at say 12mbit/s. So say 8mbit/s vpn worth of crunching. You aren't going to see the full 11mbit/s on the wireless setup, and you'll probably be pretty lucky to get 8mbit/s.

EDIT: Errrr, 12Gbit/s, not 12mbit/s. Oops! :eek:
 

Goosemaster

Originally posted by: n0cmonkey
Originally posted by: JackMDS
Securing the Wireless connection via VPN slows it down so much that it becomes almost non-functional.

It is based on setting WinXP Pro as a software VPN Server.

Link to: Configure Windows XP Professional to be a VPN server.

:sun:

How do you figure (I really don't know, and should have been asleep hours ago so if I sound a-holish it's an accident :p)?

There are cheap home systems out there able to crunch AES at say 12mbit/s. So say 8mbit/s vpn worth of crunching. You aren't going to see the full 11mbit/s on the wireless setup, and you'll probably be pretty lucky to get 8mbit/s.

EDIT: Errrr, 12Gbit/s, not 12mbit/s. Oops! :eek:


My guess would be that the problem with wireless VPN would be that there is not enough bandwidth.

If a POS Netgear router can do 1.5Mbps of VPN traffic with its 33MHz chip, and a 1.8GHz chip can do about 655Mbps of SPI traffic and definitely a few hundred Mbps of VPN running Astaro Security Linux, processing power is not the problem in this case....


Anyways, I guess I could use Astaro as a RADIUS server or an internal VPN server...hmmm..I got myself thinking again...
 

Boscoh

Hmmmm.

I ran IPSec over wireless to secure my network for a good 8 months before a WPA update was available for my router. Never had a problem with it. Was using AES-256 with SHA-HMAC AH's and a fairly low security association lifetime. It didn't slow me down noticeably. But I wasn't doing anything except browsing and email.

Could be the reason it's been slow for you Jack is because you're using Windows ;). I was doing it with a PIX 501 as the VPN server, and Easy VPN Client software version 4.x.
 

groovin

I've run a sloppy IPsec wifi using FreeBSD and Linux using PIII boxes and they seemed to work alright. I was becoming curious about SSL wifi now as well (OpenVPN). I wonder if anyone has done any performance benchmarks between the two. I guess that's what Google is for!
 

JackMDS

Originally posted by: Boscoh
Hmmmm.

I ran IPSec over wireless to secure my network for a good 8 months before a WPA update was available for my router. Never had a problem with it. Was using AES-256 with SHA-HMAC AH's and a fairly low security association lifetime. It didn't slow me down noticeably. But I wasn't doing anything except browsing and email.

Could be the reason it's been slow for you Jack is because you're using Windows ;). I was doing it with a PIX 501 as the VPN server, and Easy VPN Client software version 4.x.

Well, I tried it a while ago with 802.11b. This thread leads me to revisit the issue with 802.11g; could be that it is going to be a viable solution.

Thanks Guys.
 

n0cmonkey

Originally posted by: groovin
I've run a sloppy IPsec wifi using FreeBSD and Linux using PIII boxes and they seemed to work alright. I was becoming curious about SSL wifi now as well (OpenVPN). I wonder if anyone has done any performance benchmarks between the two. I guess that's what Google is for!

What kind of benchmarks do you think should be run?

I've been thinking of setting up a VPN at home for giggles, so if I get time off I might try it. ;)
 

Goosemaster

Originally posted by: n0cmonkey
Originally posted by: groovin
I've run a sloppy IPsec wifi using FreeBSD and Linux using PIII boxes and they seemed to work alright. I was becoming curious about SSL wifi now as well (OpenVPN). I wonder if anyone has done any performance benchmarks between the two. I guess that's what Google is for!

What kind of benchmarks do you think should be run?

I've been thinking of setting up a VPN at home for giggles, so if I get time off I might try it. ;)

The thing is, what are you planning to use it for? SSL VPNs are different than the IPsec and such....
 

n0cmonkey

Originally posted by: Goosemaster
Originally posted by: n0cmonkey
Originally posted by: groovin
I've run a sloppy IPsec wifi using FreeBSD and Linux using PIII boxes and they seemed to work alright. I was becoming curious about SSL wifi now as well (OpenVPN). I wonder if anyone has done any performance benchmarks between the two. I guess that's what Google is for!

What kind of benchmarks do you think should be run?

I've been thinking of setting up a VPN at home for giggles, so if I get time off I might try it. ;)

The thing is, what are you planning to use it for? SSL VPNs are different than the IPsec and such....

WAP encryption. I won't ever get around to it though. :p
 

nightowl

I have done some tests with .11b with and without VPN services and the overhead of the VPN was about 10%. I don't really call that slowing down the link too much. I have seen the same results on the web too. Also, if you are looking to secure your wireless network with a basic VPN, look at using PoPToP. It is the *nix version of a PPTP server/client. I have used it for a while and it has worked pretty well. It is really easy to set up as long as you are traversing 2 different networks.
 

Kadarin

Does anyone even make a home sslvpn endpoint solution? :confused:

I often sslvpn into my work from my laptop, on a wireless connection here at home, and it works fine. Web-based apps work fine, as does the Outlook fat client, and telnet/ssh. (This is with an sslvpn solution that uses an ActiveX plugin as the actual client.)